Some movement in the cyber underworld. Vishing impersonates the US Social Security Administration. More SVB-themed phishing. And compromise without user interaction.
BianLian gang’s pivot. HinataBot is a Go-based threat. The US Social Security Administration is impersonated in attempted vishing attacks. BlackSnake in the RaaS criminal market. More Silicon Valley Bank-themed phishing. Caleb Barlow from Cylete on security implications you need to consider now about Chat GPT. Our guest is Isaac Roth from LeakSignal with advice on securing the microservices application layer. And Russian operators exploit an Outlook vulnerability.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/52
Selected reading.
BianLian Ransomware Gang Continues to Evolve ([redacted])
Uncovering HinataBot: A Deep Dive into a Go-Based Threat (Akamai)
Social InSecurity: Armorblox Stops Attack Impersonating Social Security Administration (Armorblox)
Netskope Threat Coverage: BlackSnake Ransomware (Netskope)
Fresh Phish: Silicon Valley Bank Phishing Scams in High Gear (INKY)
Outlook zero day linked to critical infrastructure attacks (Cybersecurity Dive)
CVE-2023-23397: Exploitations in the Wild – What You Need to Know (Deep Instinct)
Everything We Know About CVE-2023-23397 (Huntress)
Microsoft Mitigates Outlook Elevation of Privilege Vulnerability (Microsoft Security Response Center)
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/52
Selected reading.
BianLian Ransomware Gang Continues to Evolve ([redacted])
Uncovering HinataBot: A Deep Dive into a Go-Based Threat (Akamai)
Social InSecurity: Armorblox Stops Attack Impersonating Social Security Administration (Armorblox)
Netskope Threat Coverage: BlackSnake Ransomware (Netskope)
Fresh Phish: Silicon Valley Bank Phishing Scams in High Gear (INKY)
Outlook zero day linked to critical infrastructure attacks (Cybersecurity Dive)
CVE-2023-23397: Exploitations in the Wild – What You Need to Know (Deep Instinct)
Everything We Know About CVE-2023-23397 (Huntress)
Microsoft Mitigates Outlook Elevation of Privilege Vulnerability (Microsoft Security Response Center)
The podcast CyberWire Daily is embedded on this page from an open RSS feed. All files, descriptions, artwork and other metadata from the RSS-feed is the property of the podcast owner and not affiliated with or validated by Podplay.